Finland says government communications hacked

The Finnish government's computer networks have been breached by malware for years, and it is possible secure communications have been compromised, the Finnish Ministry for Foreign Affairs confirmed Friday.

The malware was discovered in January but it was in place for years before being discovered, said Ari Uusikartano, director general of the Information and Documentation Division of the Ministry for Foreign Affairs of Finland. The government kept the breach secret until a Finnish TV station reported it on Thursday.

"My estimate is that it has been active about two or three years," before it was discovered, said Uusikartano. There are indications that information with the lowest level security classification has been compromised, he said.

Immediately after the breach was discovered, the Finnish police started an investigation that is still ongoing, said Uusikartano.

The malware used to spy on the Finnish government resembles malware used in a spying operation dubbed "Red October", but it is more advanced than that, said Uusikartano. "That is why it was able to penetrate our defenses," he said.

Red October is an espionage campaign that was uncovered by researchers from antivirus firm Kaspersky Lab in January. During that campaign, unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world, using highly customized and sophisticated data theft malware, according to Kaspersky.

"When we announced it, the Red October campaign was ongoing for at least 6 years, with thousands of modules being created and deployed to hundreds of high profile victims worldwide," said Costin Raiu, director of Kaspersky Lab's global research and analysis team, in an email on Friday.

It is possible that Red October was just one campaign from the same actor, and there could be others that haven't been discovered yet, Raiu said.

Finnish media reported that Russian and Chinese intelligence organizations could be behind the attack, but the government spokesman maintained that the perpetrator is still unknown.

Kaspersky's analysis indicated that the Red October attackers were proficient in the Russian language, said Raiu, but he added that this does not have to mean that the attackers were Russian.

Besides Finland, other countries could be victims of the same attack, said Uusikartano. "There are indications that this is not a strictly Finnish problem," he said, adding that Finland has discussed this matter with several European countries. He declined to name the other countries. The matter has also been discussed in Brussels in European Union circles, he added.

While Kaspersky has no independent information on this specific incident in Finland, Raiu said that Red October infections were observed in many E.U. countries, including government organizations.

Since January, the number of Red October victims has been decreasing. Nevertheless, there are still victims in countries including Belgium, Romania, Croatia, the U.K., Estonia, Lithuania, Slovakia, the Netherlands and Germany, he said.


Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.